VirusTotal/Hybrid-Analysis Result (Same as Firefox) #12

Closed
antuketot76 opened this issue Dec 16, 2018 · 4 comments
Labels
help wanted Extra attention is needed wontfix This will not be worked on

Comments

@antuketot76

Below are some of my analyses in HA and VT.

image

Hybrid Analysis - HERE
VirusTotal - HERE

But there are 2 files detected as malicious

image

Check it out for file integrity

intika changed the title from "WHITELISTED in Hybrid Analysis" to "VirusTotal/Hybrid-Analysis Result" on Dec 17, 2018
Owner

intika commented Dec 17, 2018

Those files come from the official Mozilla Firefox build; as the project is young, I am not distributing a built-from-source version.

Those files are signed with Mozilla certificates.

You will get the exact same result with the official Firefox files because they are the same, not modified. You can try that out with Firefox Setup 63.0.3.exe: it's the same files (to extract the exe: once you run it, it creates those files in %tmp%).

There is not much we can do about that other than asking AV companies to whitelist those files... Mozilla did not do it, so... This is because of Filseclab and Cylance, and they are doing so for 3 possible reasons.

  1. Analysis indicates an installer and they are blacklisting the file because it does what it does, which is installing an application
    Or
  2. Some malware uses the official Mozilla installer to install itself and engineers at the AV company did not bother to make a deep analysis.
    Or
  3. A lot of AV companies give false positives just to say there is something where in fact there is nothing.

They are Mozilla-signed anyway, so they are trustworthy.

Also Librefox could be applied manually without the installer.

intika changed the title from "VirusTotal/Hybrid-Analysis Result" to "VirusTotal/Hybrid-Analysis Result (Same as Firefox)" on Dec 17, 2018
Owner

intika commented Dec 17, 2018

I forgot: thank you for contributing and reporting this back, it's appreciated :)

@brainscar
Contributor

@intika is right.

It goes like this:

Firefox Setup 63.0.3.exe > setup.exe (in tmp) > system.dll and nsExec.dll

I have uploaded them here (from the official Mozilla build) :

https://www.virustotal.com/#/file-analysis/YjU1ZjdmMWIxN2MzOTAxODkxMGMyMzEwOGY5MjkwODI6MTU0NTE3MzAxOA==

https://www.virustotal.com/#/file-analysis/MTdlZDFjODZiZDY3ZTc4YWRlNDcxMmJlNDhhN2QyYmQ6MTU0NTE3MzA0Nw==

Nothing we can do about it.
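The claim in the comments above, that the flagged files are byte-for-byte the ones shipped in the official Mozilla installer, can be checked locally. The following is an added example, not part of the thread or of the project's code: it compares the SHA-256 of the named files in two extracted directories (both directory paths are assumptions supplied by the user). A matching hash shows the file is unmodified relative to the reference; it does not by itself validate the Authenticode signature.

```python
import hashlib
import sys
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def index_by_name(root):
    """Map lower-cased file name -> path (Windows file names are case-insensitive).

    Assumption: each flagged name occurs only once per extracted tree.
    """
    return {p.name.lower(): p for p in Path(root).rglob("*") if p.is_file()}


def compare_to_reference(reference_dir, candidate_dir, names):
    """Classify each name as identical, DIFFERENT, or missing on one side."""
    ref, cand = index_by_name(reference_dir), index_by_name(candidate_dir)
    report = {}
    for name in names:
        key = name.lower()
        if key not in ref:
            report[name] = "missing-in-reference"
        elif key not in cand:
            report[name] = "missing-in-candidate"
        elif sha256_file(ref[key]) == sha256_file(cand[key]):
            report[name] = "identical"
        else:
            report[name] = "DIFFERENT"
    return report


if __name__ == "__main__":
    # Usage: compare.py <official_extract_dir> <librefox_extract_dir>
    flagged = ["system.dll", "nsExec.dll"]  # file names taken from the thread
    result = compare_to_reference(sys.argv[1], sys.argv[2], flagged)
    for name, status in result.items():
        print(f"{name}: {status}")
    # Non-zero exit if anything is not byte-identical to the reference.
    sys.exit(0 if all(s == "identical" for s in result.values()) else 1)
```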

intika added the wontfix (This will not be worked on) and help wanted (Extra attention is needed) labels on Dec 19, 2018
Owner

intika commented Dec 19, 2018

Closing this as wontfix... thanks again for taking the time for the report
